Support for plugin only request during initialization #93
Conversation
|
@ben181231, thanks for your PR! By analyzing the annotation information on this pull request, we identified @rickmak to be a potential reviewer |
ben181231
force-pushed
the
plugin-init-state
branch
from
5c95dac
to
6c923c4
Compare
| @@ -60,6 +60,7 @@ def _request_url(self, action_name): | |||
| def _payload(self, action_name, params): | |||
| payload = params.copy() if isinstance(params, dict) else {} | |||
| payload['action'] = action_name | |||
| payload['_from_plugin'] = True | |||
There was a problem hiding this comment.
I think this attribute need master_key in place to take effects?
There was a problem hiding this comment.
I think the field _from_plugin just indicates that the request is from plugin / cloud code. Whether the request should be accepted, it should be determined by Skygear server.
There was a problem hiding this comment.
I side with @rickmak here you need to authenticate the request with a master key. Otherwise the skygear-server would not know whether the request really comes from a plugin.
There was a problem hiding this comment.
I think the developer has to be explicit in saying that the request will have the _from_plugin attribute. This is because the attribute requires master key and the master key has other implication (such as allowing schema migration). I don’t want every request to be authenticated with master key.
If you authenticate all requests with master key, you might as well allow all requests with master key to go through regardless of whether the request comes from a plugin.
There was a problem hiding this comment.
I don’t want every request to be authenticated with master key.
I got it. So I will make it explicit so that user may need to call it like:
master_container = SkygearContainer(api_key=options.master_key)
master_container.send_action("some:action", params, plugin_request=True)Does it make sense ?
| @@ -60,6 +60,7 @@ def _request_url(self, action_name): | |||
| def _payload(self, action_name, params): | |||
| payload = params.copy() if isinstance(params, dict) else {} | |||
| payload['action'] = action_name | |||
| payload['_from_plugin'] = True | |||
There was a problem hiding this comment.
I side with @rickmak here you need to authenticate the request with a master key. Otherwise the skygear-server would not know whether the request really comes from a plugin.
| @@ -30,6 +30,7 @@ | |||
| UndefinedOperation = 117 | |||
| PluginUnavailable = 118 | |||
| PluginTimeout = 119 | |||
| PluginInitializing = 120 | |||
There was a problem hiding this comment.
See the updated code list in skygear-server.
| @@ -60,6 +60,7 @@ def _request_url(self, action_name): | |||
| def _payload(self, action_name, params): | |||
| payload = params.copy() if isinstance(params, dict) else {} | |||
| payload['action'] = action_name | |||
| payload['_from_plugin'] = True | |||
There was a problem hiding this comment.
I think the developer has to be explicit in saying that the request will have the _from_plugin attribute. This is because the attribute requires master key and the master key has other implication (such as allowing schema migration). I don’t want every request to be authenticated with master key.
If you authenticate all requests with master key, you might as well allow all requests with master key to go through regardless of whether the request comes from a plugin.
ben181231
force-pushed
the
plugin-init-state
branch
from
6c923c4
to
177320c
Compare
|
Updated. |
cheungpat
dismissed
rickmak’s stale review
His comments are addressed in my review.
connect SkygearIO/skygear-server#219